Ask the Expert

What to look for in a network security audit

What information should I look for when I do a network security audit?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

This is a short question with a potentially huge answer! A thorough network security audit would start with a network discovery exercise, using a tool like SolarWinds Inc.'s Network Sonar to identify all the devices on the network. This would be followed by a common port scan of the identified devices, using Nmap or SuperScan to look for unused services and locate admin interfaces on devices such as routers, switches, access points, etc.

Next, I would run authenticated vulnerability scans against a representative selection of devices -- the QualysGuard appliance is excellent for this, but Nessus and other scanners provide a good alternative, providing they are configured correctly (beware of causing denial-of-service or other outages).

Lastly, I would compare system configurations with best practice, again for a representative selection of devices, using manual techniques. Best practice will depend on the systems you are using (Cisco vs. Microsoft vs. Unix, etc.). Generally, I advise people to look at the National Security Agency (NSA) and Center for Information Security (CIS) standards documents, although some of their more rigorous settings may need to be relaxed for some commercial environments.

This was first published in October 2009

 

COMMENTS powered by Disqus  //  Commenting policy